PCI COMPLIANCE

TAKING THE COMPLEXITY OUT OF COMPLIANCE.
To underscore our commitment to the security and compliance of payment processing, 24/7merchant service is Payment Card Industry (PCI) compliant and a member of the PCI Security Standards Council—a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

In addition to our affiliations, 24/7merchant service is also a PCI Level one (1) certified solution provider. As such, we’ve partnered with an Approved Scanning Vendor and Qualified Security Assessor, 403 Labs, to offer 24/7merchant service merchants PCI DSS validation services at a significantly reduced cost.

THE SUPPORT YOU NEED

24/7merchant service monitors the transaction volume for all merchants to identify the PCI DSS compliance level. For the Level 1 and Level 2 merchants who are required to complete the Report on Compliance (ROC), 24/7merchant service provides monitoring and reminders, applies for extensions as applicable and serves as the liaison between the merchant and the brands. For our small and medium business customers, we recommend that you download and enact what is required for you to be PCI compliant.

PCI DSS – YOUR RESPONSIBILITIES

If you are a merchant that accepts payment cards, you are encouraged to comply with the PCI Data Security Standard, an actionable framework for developing a robust payment card data security process—including prevention, detection and appropriate reaction to security incidents. You are responsible for protecting cardholder data at the point-of-sale, and as it flows into the payment system. The best step you can take is to not store any cardholder data. Heartland’s E3 and tokenization solutions help you achieve this by removing you 60–70% from scope, depending on the hardware used.

Adhering to the PCI DSS is not achieved through a single event, but is a continuous, ongoing process. By being compliant, you protect:

  • Card readers.
  • Point-of-sale systems.
  • Store networks and wireless access routers.
  • Payment card data storage and transmission.
  • Payment card data stored in paper-based records. 

In order to secure your payment acceptance and processing, you need to:

  • Buy and use only approved PIN entry devices at your points-of-sale.
  • Buy and use only validated payment software at your POS or for your website shopping cart.
  • Avoid storing any sensitive cardholder data in computers or on paper.
  • Use a firewall on your network and PCs.
  • Make sure your wireless router is password-protected and uses encryption.
  • Use strong passwords. Be sure to change default passwords on hardware and software—most are unsafe!
  • Regularly check PIN entry devices and PCs to make sure no one has installed rogue software or “skimming” devices.
  • Teach your employees about security and protecting cardholder data.